Results 1 to 5 of 5

Thread: Site Security

  1. #1
    George
    Guest

    Default Site Security

    I am hoping someone out there has some good advice.

    I have a web site designed with NetObjects - which has been hacked into 3
    time in the past year (www.spga.org). Somehow the perps are getting past
    the host password security (yes I have changed the passwords after each
    break-in) and "they" are depositing unauthorized pages or content buried
    deep into the directory structure. The only way I have learned of these
    break-ins is through concerned web community members alerting me to the
    scams being perpetrated.

    I have since disabled all the php scripts we were using on the advice that
    they could leave a site vulnerable - except we still use "cutenews"
    (http://cutephp.com/) which is a easy to use news management script of which
    I am the only editor (i.e. no other "contributors" have been set up).

    The question becomes how to maintain an open web site but prevent such
    break-ins where scammers can somehow alter the web pages themselves and/or
    deposit bogus or harmful files directly into the site directories? Two of
    the 3 events were serious in that they were phishing scams which apparently
    activated some kind of script deposited deep within our site. I have
    isolated the scripts and disabled the pages, but don't know what to do with
    it or who to contact about trying to track down the hackers - as if that can
    be of any help at all!

    I am at wit's end and am even considering changing hosts (we are using
    Netfirms.com) if that will somehow solve the security issue.

    Any suggestions?

    Thanks...
    GEORGE



  2. #2
    Dave@Web by Design, Inc.
    Guest

    Default Re: Site Security

    George,

    It's not reasonable to think that these creeps have "guessed" your login
    three times. It sounds to me like you have someone that has found easy
    access to your ISP network connection. Could be you are using a wireless
    connection, or they may just be camped out sniffing your IP address.

    My first suggestion would be to switch to Secure FTP when updating your
    website. Files being transferred by FTP are vulnerable to man-in-the-middle
    attacks where data is intercepted and then altered before sending it back on
    its way. Another scenario where using secure FTP is critical is during web
    site updates. Without secure FTP, it is very easy to hack a web site and
    edit it with digital graffiti. All a hacker has to do is find out the IP
    address of the web site using a reverse ping on the domain name, and then
    set up a sniffer to run 24 hours a day on the IP address to sniff and log
    the login connection. As soon as the web master logs in to update the site,
    the hacker's sniffer can grab and record the password and login information.
    Using the login information, hackers can then download the site's web pages
    onto their own computer. After downloading the website, hackers then can use
    any number of HTML editors to edit the website with graffiti, fraudulent
    news, or anything else, and then FTP it back to its real home on the Web
    using the login and password they sniffed earlier. The main reason that web
    sites get hacked is because they are being updated with insecure FTP
    transfers. There are other ways that web sites can get hacked (due to
    improper OS and incorrect server configurations) but using secure FTP
    certainly reduces the probability of hacks due to insecure file transfers
    and logins.

    Dave



    "George" <George@SourceCFO.com> wrote in message
    news:eq0o2c$e8s1@flsun90netnews01.netobjects.com.. .
    >I am hoping someone out there has some good advice.
    >
    > I have a web site designed with NetObjects - which has been hacked into 3
    > time in the past year (www.spga.org). Somehow the perps are getting past
    > the host password security (yes I have changed the passwords after each
    > break-in) and "they" are depositing unauthorized pages or content buried
    > deep into the directory structure. The only way I have learned of these
    > break-ins is through concerned web community members alerting me to the
    > scams being perpetrated.
    >
    > I have since disabled all the php scripts we were using on the advice that
    > they could leave a site vulnerable - except we still use "cutenews"
    > (http://cutephp.com/) which is a easy to use news management script of
    > which I am the only editor (i.e. no other "contributors" have been set
    > up).
    >
    > The question becomes how to maintain an open web site but prevent such
    > break-ins where scammers can somehow alter the web pages themselves and/or
    > deposit bogus or harmful files directly into the site directories? Two of
    > the 3 events were serious in that they were phishing scams which
    > apparently activated some kind of script deposited deep within our site.
    > I have isolated the scripts and disabled the pages, but don't know what to
    > do with it or who to contact about trying to track down the hackers - as
    > if that can be of any help at all!
    >
    > I am at wit's end and am even considering changing hosts (we are using
    > Netfirms.com) if that will somehow solve the security issue.
    >
    > Any suggestions?
    >
    > Thanks...
    > GEORGE
    >




  3. #3
    George
    Guest

    Default Re: Site Security

    Dave - thanks for your insights.

    Although I DO run a wireless connection with WEP security at this location,
    the computer I use for Web design is almost always wired directly through a
    wired switch to the cable modem with Cat5e cable for better performance - so
    I don't think it's a wireless sniffer as a possibility.

    However, in checking my site updates, the break-ins did occur within days or
    even hours of a full site update, so your idea of someone sniffing and
    logging the FTP login connection seems to be a very likely possibility.

    I am using the NetObjects "Publish" option to upload the files. And
    although others in this forum have complained about NetObject's publish
    performance issues, I have not run into any problems that I did not cause
    myself and I have not noticed any speed issues since this 25+ page site
    uploads in about 5 minutes. I am currently working with NOF7.5 and NOF9.0.
    Anyway, so far no problems with either program's publish function - at least
    as far as I can tell.

    I suppose I could manually change the ISP password immediately following
    each site update... but that seems like an extreme solution.

    So, my next question is - how can I change my update routine to use a more
    secure FTP function? I've tried test logging onto my ISP (NetFirms.com)
    using SmartFTP in "Implicit" and "Explicit" secure mode - but the connection
    keeps being rejected by the host. But maybe I have a configuration issue.

    Any thoughts you can provide would be greatly appreciated.

    Thanks...
    GEORGE



    "Dave@Web by Design, Inc." <dave_no@spam_wbdi.net> wrote in message
    news:eq0uro$e8s2@flsun90netnews01.netobjects.com.. .
    > George,
    >
    > It's not reasonable to think that these creeps have "guessed" your login
    > three times. It sounds to me like you have someone that has found easy
    > access to your ISP network connection. Could be you are using a wireless
    > connection, or they may just be camped out sniffing your IP address.
    >
    > My first suggestion would be to switch to Secure FTP when updating your
    > website. Files being transferred by FTP are vulnerable to
    > man-in-the-middle attacks where data is intercepted and then altered
    > before sending it back on its way. Another scenario where using secure FTP
    > is critical is during web site updates. Without secure FTP, it is very
    > easy to hack a web site and edit it with digital graffiti. All a hacker
    > has to do is find out the IP address of the web site using a reverse ping
    > on the domain name, and then set up a sniffer to run 24 hours a day on the
    > IP address to sniff and log the login connection. As soon as the web
    > master logs in to update the site, the hacker's sniffer can grab and
    > record the password and login information. Using the login information,
    > hackers can then download the site's web pages onto their own computer.
    > After downloading the website, hackers then can use any number of HTML
    > editors to edit the website with graffiti, fraudulent news, or anything
    > else, and then FTP it back to its real home on the Web using the login and
    > password they sniffed earlier. The main reason that web sites get hacked
    > is because they are being updated with insecure FTP transfers. There are
    > other ways that web sites can get hacked (due to improper OS and incorrect
    > server configurations) but using secure FTP certainly reduces the
    > probability of hacks due to insecure file transfers and logins.
    >
    > Dave
    >
    >
    >
    > "George" <George@SourceCFO.com> wrote in message
    > news:eq0o2c$e8s1@flsun90netnews01.netobjects.com.. .
    >>I am hoping someone out there has some good advice.
    >>
    >> I have a web site designed with NetObjects - which has been hacked into 3
    >> time in the past year (www.spga.org). Somehow the perps are getting past
    >> the host password security (yes I have changed the passwords after each
    >> break-in) and "they" are depositing unauthorized pages or content buried
    >> deep into the directory structure. The only way I have learned of these
    >> break-ins is through concerned web community members alerting me to the
    >> scams being perpetrated.
    >>
    >> I have since disabled all the php scripts we were using on the advice
    >> that they could leave a site vulnerable - except we still use "cutenews"
    >> (http://cutephp.com/) which is a easy to use news management script of
    >> which I am the only editor (i.e. no other "contributors" have been set
    >> up).
    >>
    >> The question becomes how to maintain an open web site but prevent such
    >> break-ins where scammers can somehow alter the web pages themselves
    >> and/or deposit bogus or harmful files directly into the site directories?
    >> Two of the 3 events were serious in that they were phishing scams which
    >> apparently activated some kind of script deposited deep within our site.
    >> I have isolated the scripts and disabled the pages, but don't know what
    >> to do with it or who to contact about trying to track down the hackers -
    >> as if that can be of any help at all!
    >>
    >> I am at wit's end and am even considering changing hosts (we are using
    >> Netfirms.com) if that will somehow solve the security issue.
    >>
    >> Any suggestions?
    >>
    >> Thanks...
    >> GEORGE
    >>

    >
    >




  4. #4
    Senior Member
    Join Date
    Apr 2021
    Posts
    104

    Default

    For the site security I thin you should use a plugin of WordPress sucuri security to improve your site security and secure your site from hackers as I am doing on my site fm whatsapp...

  5. #5

    Default

    Quote Originally Posted by milesstone View Post
    For the site security I thin you should use a plugin of WordPress sucuri security to improve your site security and secure your site from hackers as I am doing on my site fm whatsapp...
    Thank you so much for sharing this info which is really useful for me to secure my site.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •